Kaseya Community

Mandatory 2FA is NOT Acceptable

  • With this latest patch release, Kaseya is mandating that 2FA be implemented. While this may sound like a good idea, it needs to be optional.

    We run our on-premise VSA on a private VLAN accessible only by select IP addresses.  Not to mention multiple layers of firewalls between us and the outside world.

    We're in a building with near zero cell phone signal, making text impossible.  We would not want to have to wait for an email 2FA credential to reach us.

    As many of you know, Remote Control is buggy and you sometimes have to exit and reenter multiple times as it is. The timeout for the login is already very quick and it's already annoying to have to retype the password many, many times a day. Adding 2FA would make this unbearable.

    I encourage anyone that feels the same to contact their account rep and let them know mandatory 2FA is not acceptable to you.

  • Couple of suggestions. If you're on-prem, extend the timeout values for sessions, and for MFA use an OTP code setup versus an SMS-based one. These can ease the pain of MFA.

    Up to you for pushing for no 2FA, but more and more regulations and industries are going to mandate it. We are required to use it.

  • 100% agree. Mandatory 2FA for on-prem is a BAD idea.

    This should be entirely up to the client admins.

  • 2FA is basically not an option anymore... Customers and regulations require it already and that is only growing. Use OTP.

  • Reached out to our account manager. This is the response: "Thank you for your feedback here. I understand your concern and I know that it is not an ideal situation, however I wanted to explain the reasoning. It is a hacker’s dream to obtain access to your VSA and it can destroy companies if they are able to get through. All RMM providers are mandating 2FA, not just Kaseya."

    This should be a customer setting.

  • What Kaseya and most of you are missing here is that it is not only an MSP tool. Companies are using it on-prem for their own infrastructure.

  • Hey,

    We have Kaseya VSA set up as single sign-on with Azure AD, which DOES MFA.

    Even the Kaseya VSA can demand in the claims that MFA is mandatory.

    A second MFA on top of that is not something we are looking forward to.

    Kind Regards,

    Aswin

  • Correct, and that's my point. We manage ~220 clients 100% internally on our own private network. We don't need it, nor desire it. Certainly if we were an MSP it would almost be mandatory, but it should be an option for us corporate guys.

  • I don't get it. Tick "remember me on this computer" at login and 2FA challenges me once a month, not multiple times a day.

    2FA is no hassle at all.

  • On SaaS, "Remember me" still asks for 2FA once a day. A Trusted Device setting would be nice. And a much longer timeout.

  • I've used both on-prem and cloud-based Kaseya 2FA. The cloud instance seems to respect the 2FA remember option; the on-prem setup has issues with it (once a day or multiple times a day prompting).

    Last case opened about this with support indicated there were issues and they were 'working on it'.